Crypto Phishing Scams Stole $12 Million In August

Crypto Phishing Scams Rise 72% In August To Steal Over $12 Million

Phishing scams drained more than $12 million from crypto users in August, marking a 72% increase in losses.
Nearly half of the stolen funds came from just three high-value whale accounts, with one alone losing $3.08 million.
Blockchain security firm Scam Sniffer linked much of the surge to attackers exploiting Ethereum’s EIP-7702 upgrade.

Phishing scams targeting cryptocurrency investors intensified in August 2025, draining more than $12 million from over 15,000 wallets across the sector.

Blockchain security firm Scam Sniffer reported that these losses represent a sharp month-over-month rise, climbing 72% compared with July. Notably, the number of victims also grew, increasing 67% over the same period.

Ethereum EIP 7702 Fuels Increase in Crypto Phishing Attacks

According to the firm, about 46% of phishing losses came from three high-value accounts, often referred to as whales. Together, these accounts lost $5.62 million, and one alone was exploited for $3.08 million.

Sponsored

Meanwhile, Scam Sniffer identified Ethereum’s EIP-7702 standard as the primary tool leveraged in August’s wave of attacks. The firm also noted an uptick in scammers tricking crypto users into sending money directly to malicious contracts.

Crypto Phishing Scams in April. Source: Scam Sniffer

EIP-7702 improves Ethereum wallets by temporarily allowing externally owned accounts (EOAs) to function like smart contract wallets.

This enables convenient features such as batching transactions, setting spending caps, integrating passkeys, and recovering wallets without changing addresses.

However, attackers have turned these same tools into a way to accelerate thefts.

Wintermute’s Dune Analytics dashboard shows that more than 80% of delegate contracts tied to EIP-7702 involve malicious activity. Notably, this has compromised more than 450,000 wallet addresses since its implementation this year.

Yu Xian, founder of the security company SlowMist, noted that awareness of how EIP-7702 can be weaponized remains low. He emphasized that organized criminal groups have enthusiastically embraced the mechanism, exploiting it across Ethereum Virtual Machine (EVM) ecosystems.

In light of the surge, Scam Sniffer has advised crypto users to be far more cautious when interacting with wallet requests.

They suggest verifying domains, avoiding rushed approvals, and refusing signatures that grant unlimited permissions or appear broader than necessary.

Additionally, suspicious prompts tied to EIP-7702 contract upgrades or mismatched transaction simulations should also raise alarms.